Deploying Web Honeypots to Evaluate the Efficacy of Online Systems Against Phishing and Fraud Attacks

Date: Mar 27, 11:45am-12:45pm

Abstract: Phishing and fraud attacks remain the predominant class of social engineering attacks despite two decades of their existence. Most cyberattacks begin with a social engineering attack, finding the weakness in human fallibilities. Thus, it is very important in understanding the prevalent defense mechanism to safeguard users, platforms, brands, and the digital landscape. In the first fold, the author presents creating honeypots to measure the resilience of anti-phishing engines against phishing attacks. The idea is to profile the anti-phishing engines such as Google Safe Browsing, Microsoft SmartScreen, and others via creating honeypots. This offensive technique allows malicious actors to later deploy a phishing site applying cloaking attacks that can indefinitely be active in the wild. Thus, study of such weaknesses of anti-phishing safeguards users against phishing attacks. In the second fold, the author presents creating honeypots to bait fraudsters in social media platforms. With the ubiquity of social media platforms, fraudsters are tricking users through fake profiles performing various social engineering techniques. Such attacks cause millions of dollars of financial losses each year. The author proposes methodologies to study fraudulent social media profiles to uncover the modus operandi of the scammers, such as creating real time baiting posts and engaging with fraudsters via chatbots to interact. This serves as a foundational ground to reveal the scam life cycle and attack categories that are not readily obvious on public profile representation.

Biographical Sketch: Dr. Bhupendra Acharya is a postdoctoral researcher at the CISPA Helmholtz Center for Information Security, Saarbrücken, Germany, collaborating with Professor Thorsten Holz. He completed his doctoral degree in Engineering and Applied Sciences from the University of New Orleans, Louisiana, in December 2022. His research interests lie in web and network security, especially conducting large-scale measurements on internet cybercrimes such as phishing, scams, fraudulent payments, cryptocurrency attacks, and online illicit activities, as well as building proactive defenses and proposing mitigations against various attacks to prevent future incidents. He currently leads the Web and Network Security Research Lab at the Holz Scientific Group at CISPA and is open to collaboration in the field of cybersecurity and internet cybercrimes.

Location and Zoom link: Zoom Only https://fsu.zoom.us/j/98172284415